Chrome@* Security Vulnerabilities and Issues — Page 4 of Chrome@* CVE List

Lucene search

GoogleChrome*

3596 matches found

CVE•added 2024/08/21 9:15 p.m.•320 views

CVE-2024-7975

Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.00117EPSS

CVE•added 2019/05/23 8:29 p.m.•316 views

CVE-2019-5788

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

9.3CVSS8.4AI score0.465EPSS

CVE•added 2020/07/22 5:15 p.m.•313 views

CVE-2020-6519

Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5CVSS6.7AI score0.29231EPSS

CVE•added 2024/04/17 8:15 a.m.•313 views

CVE-2024-3838

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)

5.5CVSS5.7AI score0.00114EPSS

CVE•added 2021/08/03 7:15 p.m.•312 views

CVE-2021-30561

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01211EPSS

CVE•added 2024/04/06 3:15 p.m.•312 views

CVE-2024-3159

Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8AI score0.04741EPSS

CVE•added 2019/06/27 5:15 p.m.•309 views

CVE-2019-5831

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.4AI score0.01864EPSS

CVE•added 2023/05/30 10:15 p.m.•308 views

CVE-2023-2937

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.7AI score0.00128EPSS

CVE•added 2020/02/11 3:15 p.m.•307 views

CVE-2020-6404

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS7.7AI score0.01744EPSS

CVE•added 2024/08/21 9:15 p.m.•307 views

CVE-2024-7965

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.10893EPSS

CVE•added 2020/01/10 10:15 p.m.•304 views

CVE-2020-6377

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.02899EPSS

CVE•added 2019/05/23 8:29 p.m.•303 views

CVE-2019-5796

Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7.5CVSS7.6AI score0.0737EPSS

CVE•added 2022/07/21 11:15 p.m.•302 views

CVE-2022-0971

Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.9AI score0.00425EPSS

CVE•added 2019/06/27 5:15 p.m.•301 views

CVE-2019-5808

Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.0261EPSS

CVE•added 2025/06/24 8:15 p.m.•301 views

CVE-2025-6556

Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

5.4CVSS6.3AI score0.0002EPSS

CVE•added 2019/06/27 5:15 p.m.•300 views

CVE-2019-5821

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8CVSS8.5AI score0.01514EPSS

CVE•added 2022/07/28 1:15 a.m.•300 views

CVE-2022-2010

Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.3CVSS8.7AI score0.0042EPSS

CVE•added 2025/06/24 8:15 p.m.•300 views

CVE-2025-6555

Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

5.4CVSS7.3AI score0.0005EPSS

CVE•added 2015/07/23 12:59 a.m.•299 views

CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a relate...

6.8CVSS8.4AI score0.05699EPSS

CVE•added 2019/05/23 8:29 p.m.•299 views

CVE-2019-5791

Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8AI score0.0197EPSS

CVE•added 2019/05/23 8:29 p.m.•298 views

CVE-2019-5794

Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

6.5CVSS6.4AI score0.00223EPSS

CVE•added 2019/06/27 5:15 p.m.•298 views

CVE-2019-5810

Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.1AI score0.00487EPSS

CVE•added 2023/08/23 12:15 a.m.•297 views

CVE-2023-4430

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.11354EPSS

CVE•added 2024/04/06 3:15 p.m.•296 views

CVE-2024-3158

Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.01012EPSS

CVE•added 2023/08/03 1:15 a.m.•295 views

CVE-2023-4078

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

8.8CVSS7.7AI score0.00156EPSS

CVE•added 2024/09/03 11:15 p.m.•295 views

CVE-2024-8362

Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.1AI score0.00142EPSS

CVE•added 2023/10/11 11:15 p.m.•294 views

CVE-2023-5487

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

6.5CVSS6.5AI score0.00034EPSS

CVE•added 2024/11/19 8:15 p.m.•294 views

CVE-2024-11395

Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00217EPSS

CVE•added 2019/05/23 8:29 p.m.•293 views

CVE-2019-5793

Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.

6.5CVSS6.3AI score0.00317EPSS

CVE•added 2019/06/27 5:15 p.m.•293 views

CVE-2019-5811

Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

8.8CVSS7.8AI score0.00841EPSS

CVE•added 2020/01/03 11:15 p.m.•292 views

CVE-2019-5844

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7AI score0.00966EPSS

CVE•added 2020/04/13 6:15 p.m.•292 views

CVE-2020-6423

Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01896EPSS

CVE•added 2024/06/20 12:15 a.m.•292 views

CVE-2024-6100

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.2AI score0.0122EPSS

CVE•added 2019/06/27 5:15 p.m.•291 views

CVE-2019-5822

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

8.8CVSS7.7AI score0.01162EPSS

CVE•added 2024/03/06 7:15 p.m.•291 views

CVE-2024-2173

Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.6AI score0.00097EPSS

CVE•added 2019/06/27 5:15 p.m.•290 views

CVE-2019-5830

Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.00871EPSS

CVE•added 2019/06/27 5:15 p.m.•290 views

CVE-2019-5833

Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.

4.3CVSS4.9AI score0.0078EPSS

CVE•added 2020/01/03 11:15 p.m.•290 views

CVE-2019-5846

Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5CVSS7AI score0.00966EPSS

CVE•added 2020/04/13 6:15 p.m.•290 views

CVE-2020-6434

Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.01485EPSS

CVE•added 2023/08/03 1:15 a.m.•290 views

CVE-2023-4076

Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)

8.8CVSS8.8AI score0.00781EPSS

CVE•added 2020/04/13 6:15 p.m.•289 views

CVE-2020-6430

Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.3AI score0.01896EPSS

CVE•added 2020/04/13 6:15 p.m.•289 views

CVE-2020-6443

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.

8.8CVSS8.2AI score0.01339EPSS

CVE•added 2023/05/30 10:15 p.m.•289 views

CVE-2023-2938

4.3CVSS4.7AI score0.00128EPSS

CVE•added 2023/08/03 1:15 a.m.•289 views

CVE-2023-4069

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.4AI score0.02166EPSS

CVE•added 2023/08/23 12:15 a.m.•289 views

CVE-2023-4429

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.8AI score0.00392EPSS

CVE•added 2023/10/11 11:15 p.m.•289 views

CVE-2023-5483

Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

6.5CVSS6.3AI score0.00073EPSS

CVE•added 2020/03/23 4:15 p.m.•288 views

CVE-2020-6425

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.

5.8CVSS5.8AI score0.00492EPSS

CVE•added 2020/05/21 4:15 a.m.•288 views

CVE-2020-6489

Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page.

4.3CVSS4.8AI score0.01041EPSS

CVE•added 2020/07/22 5:15 p.m.•288 views

CVE-2020-6524

Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.3CVSS8.9AI score0.03228EPSS

CVE•added 2024/09/17 9:15 p.m.•288 views

CVE-2024-8904

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.6AI score0.00182EPSS

Total number of security vulnerabilities3596